[PATCH] ceph: don't reference req after put

Alex Elder Thu, 29 Nov 2012 06:38:54 -0800

In __unregister_request(), there is a call to list_del_init()
referencing a request that was the subject of a call to
ceph_osdc_put_request() on the previous line.  This is not
safe, because the request structure could have been freed
by the time we reach the list_del_init().


Fix this by reversing the order of these lines.

Signed-off-by: Alex Elder <el...@inktank.com>
---
 net/ceph/osd_client.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index 9b6f0e4..d1177ec 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -797,9 +797,9 @@ static void __unregister_request(struct
ceph_osd_client *osdc,
                        req->r_osd = NULL;
        }

+       list_del_init(&req->r_req_lru_item);
        ceph_osdc_put_request(req);

-       list_del_init(&req->r_req_lru_item);
        if (osdc->num_requests == 0) {
                dout(" no requests, canceling timeout\n");
                __cancel_osd_timeout(osdc);
-- 
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] ceph: don't reference req after put

Reply via email to